
A REVISION OF THE PROOF OF THE KEPLER CONJECTURE THOMAS C. HALES, JOHN HARRISON, SEAN MCLAUGHLIN, TOBIAS NIPKOW, STEVEN OBUA, AND ROLAND ZUMKELLER Abstract. The Kepler conjecture asserts that no packing of congru- ent balls in three-dimensional Euclidean space has density greater than that of the face-centered cubic packing. The original proof, announced in 1998 and published in 2006, is long and complex. The process of revision and review did not end with the publication of the proof. This article summarizes the current status of several long-term initiatives to reorganize the original proof into a more transparent form and to pro- vide a greater level of certification of the correctness of the computer code and other details of the proof. A final part of this article lists errata in the original proof of the Kepler conjecture. Contents Introduction 2 Part 1. Formal Proof Initiatives 3 1. The Flyspeck project 3 2. Blueprint edition of the Kepler conjecture 5 3. Formalizing the ordinary mathematics 7 4. Standard ML reimplementation of code 10 5. Proving nonlinear inequalities with Bernstein bases 12 6. Tame graph enumeration 16 7. Verifying linear programs 19 Part 2. Errata in the Original Proof 21 8. Biconnected graphs 21 9. Errata listing 34 References 37 1 2 HALES, HARRISON, MCLAUGHLIN, NIPKOW, OBUA, AND ZUMKELLER Introduction In 2006, Discrete and Computational Geometry devoted an issue to the proof of the Kepler conjecture on sphere packings, which asserts that no packing of congruent balls in three-dimensional Euclidean space can have density greater than that of the face-centered cubic packing [22], [13], [14], [15], [5]. The proof is long and complex. The editors' forward to that issue remarks that “the reviewing of these papers was a particularly enormous and daunt- ing task.” “The main portion of the reviewing took place in a seminar run at E¨otvos University over a 3 year period. Some computer experiments were done in a detailed check. The nature of this proof, consisting in part of a large number of inequalities having little internal structure, and a com- plicated proof tree, makes it hard for humans to check every step reliably. Detailed checking of specific assertions found them to be essentially cor- rect in every case tested. The reviewing process produced in the reviewers a strong degree of conviction of the essential correctness of the proof approach, and that the reduction method led to nonlinear programming problems of tractable size.” The process of review and revision did not end when the proof was published. This article summarizes the current status of several long-term initiatives to reorganize the original proof into a more transparent form and to provide a greater level of certification of the correctness of the computer code and other details of the proof. The article contains two parts. The first part describes various initiatives to give a formal proof of the Kepler conjecture. The second part gives errata in the original proof of the Kepler conjecture. Most of these errata are minor. The most significant new argument appears in a separate section (Section 8). It finishes an incomplete argument in the original proof asserting that there is no loss in generality in assuming (for purposes of the main estimate) that subregions are simple polygons. The incomplete argument was detected during the preparation of the blueprint edition of the proof, which is described in Section 2. In this article, the original proof refers to the proof published in [22]. A REVISION OF THE PROOF OF THE KEPLER CONJECTURE 3 Part 1. Formal Proof Initiatives 1. The Flyspeck project The purpose of a long-term project, called the Flyspeck project, is to give a formal proof of the Kepler conjecture. This section makes some preliminary remarks about formal proofs and gives a general overview of the current status of this project. 1.1. Formal proof. A formal proof is a proof in which every logical in- ference has been checked, all the way back to the foundational axioms of mathematics. No step is skipped no matter how obvious it may be to a mathematician. A formal proof may be less intuitive, and yet is less suscep- tible to logical errors. Because of the large number of inferences involved, a computer is used to check the steps of a formal proof. It is a large labor-intensive undertaking to transform a traditional proof into a formal proof. The first stage is to expand the traditional proof in greater detail. This stage fills in steps that a mathematician would regard as obvi- ous, works out arguments that the original proof leaves to the reader, and supplies the assumed background knowledge. In a final stage, the detailed text is transcribed into a computer-readable format inside a computer proof assistant. The proof assistant contains mathematical axioms, logical rules of inference, and a collection of previously proved theorems. It validates each new lemma by stepping through each inference. No other currently available technology is able to provide levels of certification of a complex mathematical proof that is remotely comparable to that available by formal computer verification. A general overview of formal proofs can be found at [7, 21, 27]. Proof assistants differ in detail in the way they treat the formalization of a theorem that is itself a computer verification (such as the proof of the four color theorem or the proof of the Kepler conjecture). In general, a formal proof of a computer verification can be viewed as a formal proof of the correctness of the computer code used in the verification. That is, the formal proof certifies that the the code is a bug-free implementation of its specification. 1.2. Formal proof of the Kepler conjecture. As mentioned above, the purpose of the Flyspeck project is to give a formal proof of the Kepler conjecture. (The project name Flyspeck comes from the acronym FPK, for the Formal Proof of the Kepler conjecture.) This is the most complex formal 4 HALES, HARRISON, MCLAUGHLIN, NIPKOW, OBUA, AND ZUMKELLER proof ever undertaken. We estimate that it may take about twenty work- years to complete this formalization project. The Flyspeck project is introduced in the article [12]. The project page gives the latest developments [17]. The project is now at an advanced stage; in fact, we estimate that the project is now about half-way complete. One of the main purposes of this article is to present a summary of the current status of this project. In the original proof of the Kepler conjecture, there was a long mathematical text and three major pieces of computer code. The written part of the proof has been substantially revised with aims of the Flyspeck project in mind. Section 2 compares this revised text with the original. There is now a good match between the mathematical background assumed in the text and the mathematical material that is available in the proof assistant HOL Light. Section 3 describes the current level of support in HOL Light for the formalization of Euclidean space and measure theory. In the years following the publication of the original proof, S. McLaughlin has reworked and largely rewritten the entire body of code in a form that is more transparent and more amenable to formalization. Section 4 points out some difficulties in verifying the computer code in its original form and documents the reimplementation. There have been three Ph.D. theses on the Flyspeck project, one devoted to each of the three major pieces of computer code. The first piece of computer code uses interval arithmetic to verify nonlinear inequalities. R. Zumkeller's thesis develops nonlinear inequality proving inside the proof as- sistant Coq [48]. Section 5 gives an example of this work. The second piece of computer code enumerates all tame graphs. (The definition of tameness is rather intricate; its key property is that the set of tame graphs includes all graphs that give a potential counterexample to the conjecture.) G. Bauer's thesis, together with subsequent work with T. Nipkow, completes the formal proof of the enumeration of tame graphs [36]. Section 6 gives a summary of this formalization project. The third piece of computer code generates and runs some 105 linear programs. These linear programs show that none of the potential counterexamples to the Kepler conjecture are actual counterexam- ples. S. Obua's thesis develops the technology to generate and verify the linear programs inside the proof assistant Isabelle [38]. Section 7 describes this research. The ultimate aim is to develop a complete formal proof of the Kepler con- jecture within a single proof assistant. Because of the scope of the prob- lem and the number of researchers involved, different proof assistants have been used for different parts of the proof: HOL Light for background in Eu- clidean geometry and the text, Coq for nonlinear inequality verification, and Isabelle/HOL for graph enumeration and linear programming. This raises A REVISION OF THE PROOF OF THE KEPLER CONJECTURE 5 the issue of how to translate a formal proof automatically from one proof assistant to another. Implementations of automated translation among the proof assistants HOL, Isabelle, and Coq can be found at [39], [32], [46], [4]. 2. Blueprint edition of the Kepler conjecture The blueprint edition of the proof of the Kepler conjecture is a second- generation proof that contains far more explicit detail than the original proof. The blueprint edition is available at [18, 19]. Many proofs have been significantly simplified and systematized. It has been written in a manner to permit easy formalization. As its name might suggest, this version is intended as a blueprint for the construction of a formal proof.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages40 Page
-
File Size-